Key Highlights

• 81% of businesses very often deal with issues related to malicious bots.
• More than half of businesses encountered more than 50 bot attacks in the last 12 months.
• 80% say there has been an increase in financial loss within their organization because of more complex and sophisticated bot attacks.
• One in four say a single bot attack has cost them $500,000 or more in the past year, and two in three say a single attack has cost $100,000 or more.

Gary Sevounts, CMO, Kount, said, “The new 2020 Bot Landscape and Impact Report reveals critical gaps in the current state of fraud detection with traditional solutions, as nearly nine in 10 businesses are saying that current options aren’t effective for the increasingly complex and sophisticated attacks of today. With digital acceleration at an unprecedented pace, businesses are encountering increasing bot attacks with more consequences, including brand reputation damage. This demonstrates that event-based protection at every step of the customer journey is critical to success.”

Rise of Botnet Exploit Activity

A similar research from Nuspire found an increase in botnet and exploit activity in Q2 2020 by 29% and 13% respectively, which is more than 17,000 botnet and 187,000 exploit attacks a day. While attackers targeted remote work technology at the source to obtain access to the enterprise in Q1 2020, the research found hackers changed their attacking tactics to leverage botnets to obtain a foothold of the targeted network systems. Read more.

The post Malicious Bot Attacks Surge Drastically; 50% of Businesses Affected in Last 12 Months appeared first on CISO MAG | Cyber Security Magazine.

By Pankit Desai, Co-founder and CEO, Sequretek

There are two trends in the 2020s that will throw up a new security challenge:

• First is on account of the all too powerful movement to cloud spearheaded by the new AMIGOS aka Amazon, Microsoft, IBM, Google, Oracle, and SAP, resulting in an astounding CAGR of over 150% in cloud consumption. Whilst there are obvious benefits of moving to the cloud, the onus on security the last mile, in this case, an “Identity” is pretty much left outside the purview of the core services offered by cloud service providers.
• The second is the diversity of technology privileges and commensurate access rights that end-users in enterprises have access to these days. Traditionally, enterprises used to worry about user privileges linked to applications since the majority of the users and the data that was generated by applications were governed through them. In the recent past, this has moved to include a diverse set of privileges to include shared services, endpoint related elements, and infrastructure and network-related privileges.

In the past, organizations would have looked at traditional identity and access management solutions to address these challenges, but they have mostly flattered to deceive. The complexity of the architecture primarily arising out of a centralized identity profile with tight integration to the target systems, primarily on-premise applications has meant inordinately long and expensive implementation cycles.

The impact of the trends mentioned above and the inability of the traditional approach to address identity-related challenges has exposed an underbelly that needs a complete rethink on this new perimeter–which is “Identity.”

The industry is abuzz with the next set of terms such as Zero trust, User Behavior Analytics, and multi-factor authentication systems, as a way to address the challenges of the “Identity” perimeter. While identifying and authenticating the right user to the right system is absolutely important, there is an area that goes relatively unaddressed, and that is linked to Access Governance. With the heterogeneity of access privileges as well as user types, and add to it the complexity brought together by constant churn in user roles, one really needs to get their arms around what these identities are supposed to do in the first place.

There are a few aspects related to Access Governance for the Identity that needs to be understood well enough to be defended.

• Stale Access: First, at an organizational level a complete understanding of privileges granted to all user types: employees & contractors. Stale and inappropriate access rights contribute to a large chunk of insider related threats. Ensuring disabling of user access for users who are on extended leave (sabbatical/parental leave/vacation) is also a good practice to limit potential risks with access.
• Beyond Application Access: Whilst application privileges are important to control there is an equally important underbelly of privileges that needs to be controlled. For example, endpoint control (access to removable devices/USB blocking/admin rights), network (Internet/Wi-Fi/VPN), shared services (folder/file/printers), and cloud services.
• Privilege harvesting: Oftentimes, access rights end up being equated to the power one enjoys within the company, resulting in an uncontrolled access footprint at the highest echelons of the company. These are the same folks who are most likely targets for social engineering attacks. Understanding usage patterns and harvesting of access rights based on usage is one way to limit potential risks that could emanate, should the credentials be compromised.
• Financial Impact: Most applications (on-premise/cloud) have user-based licenses. Privilege harvesting ensures that you end up paying not only for what you use but more importantly for what you need.

Access governance is a reasonably well-understood concept in regulated industries. Periodic access compliance audits carried out by regulators at least ensures that any irregularity linked to role vs. access rights gets trued-up over time–though in most cases this ends-up being done manually.

Industries that don’t have any compliance-related requirements; Access Governance becomes a nice capability to have. This is a thinking that needs to change if one just looks at the security risk that one is exposed to.  If you are not convinced just look at the recent reports:

• Some Deutsche Bank Employees Kept Email Access After Being Fired (Bloomberg, 2019).
• An average of 22 percent of a company’s folders are accessible to every employee (Varonis, 2019).
• 71% of organizations have over 1,000 inactive users, and that means an additional 29% could have nearly that many (Lepide, 2020).

It is time now, for enterprises regulated and otherwise to move beyond paying lip service and seriously look at the potential risks that an ungoverned identity can pose to the organization.

About the author

Pankit Desai is Co-founder & CEO of Sequretek, a Mumbai based cybersecurity company. Sequretek is focused on the Cybersecurity space and was launched in 2013 with an aim to provide enterprise clients with an end-to-end cybersecurity platform. Pankit, a veteran in the IT industry, brings 20+ years of hardcore technology and leadership experience from the information technology industry to lead Sequretek. Prior to Sequretek, he was with Rolta as the President of Business Operations. He has also served in a senior leadership capacity with NTT Data Inc, Intelligroup, Wipro and IBM India. His vast experience has given him the ability to manage and scale global business units and service lines rapidly and efficiently. Pankit has diversified business operations and created an organization that has a multidimensional growth, understanding of business support functions, Financial Planning and Analysis, Recruitment and Operations, Internal IT, Quality, Marketing and Alliance.

Disclaimer: CISO MAG does not endorse any of the claims made by the writer. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same. Views expressed in this article are personal.

The post What’s Your Perimeter? Network, Identity, or Endpoint? appeared first on CISO MAG | Cyber Security Magazine.